The present invention pertains to point-to-point cryptographic systems and more particularly to seamless rekey cryptographic systems.
Point-to-point cryptographic systems are used to prevent unauthorized access to data on communication links. Seamless rekey cryptographic systems reduce data storage requirements and allow the crypto key to be changed more often, resulting in a more secure and robust cryptosystem. In typical point-to-point cryptographic systems, an encryption or send unit transmits encrypted or coded digital data to a decryption or receive unit over a secure data link.
The digital data is encoded using a key known only to the send and receive units, to deny data access to any unauthorized receiver. The encryption key has variables that can be changed periodically to help prevent the key from being easily deciphered by examining the transmitted encoded data.
Present state-of-the-art cryptographic key generators have a basic limitation: changing a variable in the encryption key requires downtime on the encrypted data communications link. Changing the crypto key is referred to as the "variable update" or "change variable" process.
The process of changing the key's variable requires that the data traffic on the link be suspended, that a new variable be placed into the key generator (KG) of the cryptosystem, and that the send and receive equipment go through a resynchronization on the new variable in the key. The need for resynchronization can cause downtime on the link of tens of seconds or more. For very high speed encryptors of over 1 gigabit per second, the need for resynchronization could result in the loss or blockage of huge amounts of data.
The data may be real-time data whose loss is not protected through buffering or protocols; the outage then constitutes a significant data loss issue, or requires providing large data storage capacity during the rekey operation.
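As an added illustration, not part of the patent text, the following Python model shows why the variable-update process costs link time: a hypothetical keystream generator keyed by the crypto variable and a frame counter, a send unit that switches to the new variable, and a receive unit that completes its resynchronization some frames later. Every frame sent in between decrypts to garbage and is unrecoverable; the KG construction, frame sizes and timing values are assumptions.

```python
import hashlib
import hmac


def kg_keystream(variable: bytes, frame_no: int, length: int) -> bytes:
    """Hypothetical key generator (KG): keystream for one frame, derived from
    the crypto variable and the frame counter both units keep in lockstep."""
    out = b""
    block = 0
    while len(out) < length:
        msg = frame_no.to_bytes(8, "big") + block.to_bytes(4, "big")
        out += hmac.new(variable, msg, hashlib.sha256).digest()
        block += 1
    return out[:length]


class Unit:
    """Send or receive unit: same variable + same counter => same keystream."""

    def __init__(self, variable: bytes):
        self.variable = variable
        self.frame_no = 0

    def process(self, frame: bytes) -> bytes:
        ks = kg_keystream(self.variable, self.frame_no, len(frame))
        self.frame_no += 1  # counter advances on every frame, in or out of sync
        return bytes(a ^ b for a, b in zip(frame, ks))

    def change_variable(self, new_variable: bytes) -> None:
        # The variable-update step: load the new variable into the KG.
        self.variable = new_variable


def simulate_rekey(frames, rekey_at, resync_delay, old_var, new_var):
    """Send `frames`; the send unit switches to new_var before frame `rekey_at`,
    the receive unit only finishes resynchronizing `resync_delay` frames later.
    Returns (frames delivered intact, frames lost while the link was out of sync)."""
    tx, rx = Unit(old_var), Unit(old_var)
    ok = lost = 0
    for i, plaintext in enumerate(frames):
        if i == rekey_at:
            tx.change_variable(new_var)
        if i == rekey_at + resync_delay:
            rx.change_variable(new_var)
        if rx.process(tx.process(plaintext)) == plaintext:
            ok += 1
        else:
            lost += 1  # wrong variable at the receiver: frame is unrecoverable
    return ok, lost


def lost_bytes(link_bps: float, downtime_s: float) -> int:
    """Bytes blocked on a link of `link_bps` during a resync outage of `downtime_s`."""
    return int(link_bps / 8 * downtime_s)
```

With constructed inputs, a 3-frame resynchronization window loses exactly 3 frames, and a 10-second outage on a 1 Gbps link blocks 1.25 GB.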
Because of the lost-data issue, the operational policies of cryptosystem management balance the need to rekey for the security of the link against the concern over loss of data. Typically the cryptosystem will minimize downtime as much as possible and change keys only as needed to try to prevent in-depth traffic analysis.
Accordingly, it is an advantage of the present invention to provide an implementation of a seamless rekey system for improved operation and security of cryptographic data communication equipment.